Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in version 0.27.3 and 0.26.7.
References
Link | Resource |
---|---|
https://github.com/decidim/decidim/releases/tag/v0.26.6 | Release Notes |
https://github.com/decidim/decidim/releases/tag/v0.27.3 | Release Notes |
https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9 | Third Party Advisory |
https://github.com/decidim/decidim/releases/tag/v0.26.6 | Release Notes |
https://github.com/decidim/decidim/releases/tag/v0.27.3 | Release Notes |
https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/decidim/decidim/releases/tag/v0.26.6 - Release Notes | |
References | () https://github.com/decidim/decidim/releases/tag/v0.27.3 - Release Notes | |
References | () https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
21 Jul 2023, 17:16
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/decidim/decidim/releases/tag/v0.27.3 - Release Notes | |
References | (MISC) https://github.com/decidim/decidim/releases/tag/v0.26.6 - Release Notes |
19 Jul 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in version 0.27.3 and 0.26.7. |
19 Jul 2023, 00:48
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
References | (MISC) https://github.com/decidim/decidim/releases/tag/v0.26.6 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/decidim/decidim/releases/tag/v0.27.3 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9 - Third Party Advisory | |
CPE | cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:* | |
First Time |
Decidim decidim
Decidim |
11 Jul 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-11 18:15
Updated : 2024-11-21 08:06
NVD link : CVE-2023-34089
Mitre link : CVE-2023-34089
CVE.ORG link : CVE-2023-34089
JSON object : View
Products Affected
decidim
- decidim
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')